perlquestion
dug
<p>At $work a co-worker recently sent an obfu out to the tech list that
relied on <code>keys()</code> returning the keys of a hash in the same
order every time the piece of code was executed. My perl is 5.8.8,
compiled without "-DUSE_HASH_SEED_EXPLICIT", and I don't have the
"PERL_HASH_SEED" environment variable set.</p>
<p>Given my interpretation of `perldoc -f keys`, and `perldoc perlrun`,
every time I call <code>keys()</code> on a hash, even between runs of
perl, I will get a different order. This is the relevant piece of
documentation from `perldoc -f keys`:</p>
<blockquote>
Since Perl 5.8.1 the ordering is different even
between different runs of Perl for security reasons
(see "Algorithmic Complexity Attacks" in perlsec).
</blockquote>
<p>But when I run:</p>
<code>
#!/usr/bin/perl
use warnings;
use strict;
my %hash = (
A => "B",
C => "D",
E => "F",
);
print keys %hash;
</code>
<p>"ACE" is printed every time (at least every time that I've run it).</p>
<p>Is there a bug in the way I'm reading the documentation? If I remember
correctly (which is unlikely), this was kind of a big deal when 5.8.1
came out, as there was a fair bit of code in the wild that disobeyed the
documentation and relied on hash ordering.</p>
<p>My understanding of the current implementation given my version, compilation options and environment variables was that I could rely on hashes *not* being ordered the same between runs of perl. I'm clearly missing something. Can anyone shed some light?</p>
<p>Thanks,</p>
-- Douglas Hunter